tech-net archive


Re: Non-root tun-over-ssh?



Hmm- reading both of those things makes me a bit ... squiggly.

"I just want to do ssh -w0:0 as a non-root user and worry about the rest later."

What you're talking about is a (user/UUID)-specific abstracted
object->network layer that all your applications can flow through,
which AFAIK has only been weakly conceptualized and barely implemented
in even the most esoteric Plan-9 kinds of operating systems.
Feel like inventing something?

-SS
-- 
NUNQUAM NON PARATUS


On Mon, Sep 19, 2011 at 8:04 PM, John Klos <john%ziaspace.com@localhost> wrote:
>
>> Maybe I'm missing something- or maybe two things.
>>
>> OpenSSH "tunnels" are app-level things, and have nothing to do with
>> the tun interface.
>
> You're right that the most common use of ssh for tunnels is for individual
> ports, but OpenSSH also has the ability to set up a point-to-point tunnel.
> You can read more about it here:
>
> http://bodhizazen.net/Tutorials/VPN-Over-SSH
>
> and here:
>
> http://blog.brixandersen.dk/?p=47
>
> It works well and lets me get real IPv6 wherever I go, plus in some places I
> route using real public IPs which can be used to present services, do NAT,
> et cetera.
>
>> And ideally, the routing table should be untouched as well.
>> This requires either apps that have flexible connection settings (most
>> do) or the use of a tcpwrapper/netcat kind of program.
>
> The creation of tun0 (or tun whatever number) doesn't touch the routing
> table, but making tun0 useful does. I just want to do ssh -w0:0 as a
> non-root user and worry about the rest later.
>
>> If this is not what you want at all, and you're talking about what I
>> think you might be, then OpenVPN is the solution :)
>
> Hmmm... Looks interesting. I'll have to play with it.
>
> Thanks,
> John

